Skip to content

feat: GCS-backed auth state persistence for Cloud Run#9

Merged
5queezer merged 15 commits intomainfrom
feature/7-gcs-auth-storage
Mar 21, 2026
Merged

feat: GCS-backed auth state persistence for Cloud Run#9
5queezer merged 15 commits intomainfrom
feature/7-gcs-auth-storage

Conversation

@5queezer
Copy link
Copy Markdown
Owner

@5queezer 5queezer commented Mar 20, 2026

Summary

  • Add pluggable StorageBackend protocol with LocalBackend (no-op) and GCSBackend implementations
  • Persist cookies.json + source-state.json to GCS so Cloud Run cold starts can restore LinkedIn session state
  • Hook into startup (download), post-login (upload), shutdown (upload), and logout (delete) lifecycle points
  • Add [gcs] optional dependency (pip install linkedin-scraper-mcp[gcs])

Configuration

AUTH_STORAGE_BACKEND=gcs
AUTH_STORAGE_GCS_BUCKET=my-bucket
AUTH_STORAGE_GCS_PREFIX=linkedin-mcp    # optional
AUTH_STORAGE_USERNAME=williamhgates

Design

See docs/design-gcs-auth-storage.md for the full design doc with decision log.

Only portable artifacts are persisted (~KB), not the full browser profile. Cloud Run always runs as a foreign runtime and bridges from cookies on every cold start.

Test plan

  • 15 new unit tests with InMemoryBackend and FailingBackend test doubles
  • sync_from_remote raises StorageSyncError on download failure
  • sync_to_remote logs warning but doesn't crash on upload failure
  • delete_remote returns False on failure
  • Config validation rejects incomplete GCS config
  • All 354 existing tests pass with no regressions
  • Manual: deploy to Cloud Run, verify cold start restores session from GCS

Closes #7

Generated with Claude Opus 4.6 (1M context).

Prompt: how to solve https://github.com/5queezer/linkedin-mcp-server/issues/7 → brainstorming → plan → subagent-driven implementation

🤖 Generated with Claude Code

5queezer and others added 12 commits March 20, 2026 22:39
@5queezer @claude
feat(config): add StorageConfig for external auth-state storage
31886b3 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer @claude
feat(config): load AUTH_STORAGE_* env vars
1de5fd7 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer @claude
feat(storage): add StorageBackend protocol and LocalBackend
0605ef2 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer @claude
test(storage): add sync orchestration tests with in-memory backend
f8faab8 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer @claude
feat(storage): add GCSBackend implementation
6c223d3 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer @claude
chore: add [gcs] optional dependency for google-cloud-storage
bd7866f 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@5queezer
feat(startup): sync auth state from remote storage before auth check
b7aafb3
@5queezer
feat(login): sync auth state to remote storage after login
f9581f5
@5queezer
feat(shutdown): sync auth state to remote storage after cookie export
dd51f0f
@5queezer
feat(logout): delete remote auth state when storage backend is config…
8303087 
…ured
@5queezer @claude
fix: address code review findings for storage module
d7949f4 
- Guard against None bucket in get_storage_backend()
- Replace assert with `or ""` fallback for username type narrowing
- Skip storage sync when OAuth is enabled (no cookie auth needed)
- Add missing delete_remote failure test

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@5queezer @claude
docs: add GCS auth storage design doc and implementation plan
babca96 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@5queezer
Copy link
Copy Markdown
Owner Author

5queezer commented Mar 20, 2026

@codex review

@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector bot commented Mar 20, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

5queezer and others added 3 commits March 21, 2026 00:37
@5queezer @claude
chore: include [gcs] extra in Docker image
e36b70d 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@5queezer @claude
fix: run GCS sync even when OAuth is enabled
e78acba 
Cloud Run needs both: OAuth protects the MCP endpoint, AND cookie-based
auth is needed for LinkedIn scraping. The storage sync must run
regardless of OAuth mode.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@5queezer @claude
fix: skip profile dir check when remote storage provides auth
8e74a2b 
When AUTH_STORAGE_BACKEND=gcs, only cookies.json and source-state.json
are synced — the Chromium profile directory doesn't exist locally.
Relax the startup check to only require source state + cookies when
remote storage is configured, since Cloud Run always bridges from
cookies as a foreign runtime.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@5queezer 5queezer mentioned this pull request Mar 21, 2026
Draft
4 tasks
@5queezer 5queezer merged commit ebbbe94 into main Mar 21, 2026
2 checks passed
@5queezer 5queezer deleted the feature/7-gcs-auth-storage branch March 21, 2026 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Replace cookie-based auth with OAuth2 + persistent session storage

1 participant

@5queezer